当前位置：首页 > news >正文

【若依 SpringBoot 前后端分离版】修改加密传输后密码错误的解决方法（附排错过程）

news 2025/9/1 16:33:06

排错过程

报错信息

SysLoginController

SysLoginService（问题核心）

太长不看版：解决方法

文章传送门：若依(RuoYi)SpringBoot框架密码加密传输(前后分离板)_若依密码加密方式-CSDN博客文章浏览阅读1.5w次，点赞18次，收藏63次。目前登录接口密码是明文传输为了更高安全性我准备调整为加密方式传输( 这里选择Rsa加密算法) 并分享下编写过程大概加密流程:后台生成随机公钥私钥前台拿到公钥集成jsencrypt实现密码加密传输加密后的密码给后台后台通过私钥对加密后的密码进行解密若依详细登陆流程_若依密码加密方式https://blog.csdn.net/weixin_56567361/article/details/124961493

本文主要解决：根据上面文章改动，但是出现改了之后密码错误无法登录的问题。

环境：若依 v3.8.7，基于 springboot + vue 前后端分离版本，不是这个版本但问题相同的也可以参考。

排错过程

太长不看版：解决方法

排错过程

报错信息

10:29:23.155 [http-nio-8080-exec-14] ERROR c.r.f.w.e.GlobalExceptionHandler - [handleRuntimeException,93] - 请求地址'/login',发生未知异常.
com.ruoyi.common.exception.user.UserPasswordNotMatchException: 用户不存在/密码错误at com.ruoyi.framework.web.service.SysLoginService.loginPreCheck(SysLoginService.java:157)at com.ruoyi.framework.web.service.SysLoginService.login(SysLoginService.java:71)at com.ruoyi.web.controller.system.SysLoginController.login(SysLoginController.java:64)at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)at java.base/java.lang.reflect.Method.invoke(Method.java:568)at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:150)at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:117)at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:895)at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:808)at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1072)at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:965)at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)at javax.servlet.http.HttpServlet.service(HttpServlet.java:555)at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)at javax.servlet.http.HttpServlet.service(HttpServlet.java:623)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:209)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:111)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:111)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:114)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at com.ruoyi.common.filter.RepeatableFilter.doFilter(RepeatableFilter.java:43)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:327)at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:81)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:121)at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:115)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:126)at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:81)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:105)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:149)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter.doFilterInternal(JwtAuthenticationTokenFilter.java:42)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:111)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:103)at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:89)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:91)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90)at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:110)at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:80)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:55)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:336)at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:211)at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:183)at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:354)at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:267)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:117)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:178)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:153)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:167)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90)at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390)at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:926)at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791)at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)at java.base/java.lang.Thread.run(Thread.java:833)
10:29:23.160 [http-nio-8080-exec-14] WARN  o.s.w.s.m.m.a.ExceptionHandlerExceptionResolver - [logException,208] - Resolved [com.ruoyi.common.exception.user.UserPasswordNotMatchException: 用户不存在/密码错误]
10:29:23.165 [schedule-pool-1] INFO  sys-user - [run,55] - [127.0.0.1]内网IP[admin][Error][用户不存在/密码错误]
10:29:23.186 [schedule-pool-1] DEBUG c.r.s.m.S.insertLogininfor - [debug,135] - ==>  Preparing: insert into sys_logininfor (user_name, status, ipaddr, login_location, browser, os, msg, login_time) values (?, ?, ?, ?, ?, ?, ?, sysdate())
10:29:23.188 [schedule-pool-1] DEBUG c.r.s.m.S.insertLogininfor - [debug,135] - ==> Parameters: admin(String), 1(String), 127.0.0.1(String), 内网IP(String), Chrome 12(String), Windows 10(String), 用户不存在/密码错误(String)
10:29:23.196 [schedule-pool-1] DEBUG c.r.s.m.S.insertLogininfor - [debug,135] - <==    Updates: 1

涉及到我们代码的部分如下蓝色部分：

灰色是程序框架底层代码，别动；蓝色是自己的代码，可以修改。

怎么看：从下往上看。这是一个栈，相当于多层调用，越靠下的越外层，越靠上的越靠近你出错的核心代码，所以应该是从下往上点开蓝色代码部分。

RepeatableFilter 替大家看过了，这个没有错误。

SysLoginController

定位到这个 controlller，可以看到调用的 loginService 里的 login 方法，这个你一看没有涉及到密码的验证部分（因为报错是密码错误）所以下一步得进这个方法再看。

SysLoginService（问题核心）

来到 login 方法中。这个我直接说解决方法吧。

如图是我改过之后的代码，原作者的代码在 71 行没有进行解密。经过输出检测发现没有进入 77 行的 Authentication 认证，所以是这个方法中出了问题，我们进入这个方法。

根据作者的注释找到和错误相关的代码，如图。

可以看到，作者对密码长度做了校验，不满足长度的都会被视为异常，我们进去看看长度。

标题src/main/java/com/ruoyi/common/constant/UserConstants.java

可以看到问题出在这里了。我们知道 RSA 加密后的密码是非常长的（远超 20），由于原作是明文传输，所以正常密码长度不会超过 20，因此可以通过验证；而我们的 RSA 加密后长度不符合这个，所以会被视为错误。找到归因了。

修改方法：

既然是加密后的密码太长，那么就说明加密前的原始密码是符合规定的。所以在 login 方法中，我们先对密码进行一次解密并放在程序中，利用这个原始密码去完成验证即可。代码片段如下：

        // 首先在这里用解密后密码！！不然过不了长度校验！！String passwordUnlock = RsaUtils.decryptByPrivateKey(password);// 登录前置校验loginPreCheck(username, passwordUnlock);try {
//            System.out.println(password); // 对局部变量做的修改，现在密码还是加密的，okUsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, passwordUnlock);AuthenticationContextHolder.setContext(authenticationToken);// 该方法会去调用 UserDetailsServiceImpl.loadUserByUsername
//            authentication = authenticationManager.authenticate(authenticationToken);// 测试内部会调用 authenticationManager.authenticate () 对账号和密码做验证//            System.out.println("username = " + username + "解密后 password：" + password); // ok
//            修改后：加密传输authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, passwordUnlock));

另附上整个 login 方法的代码：

    /*** 登录验证** @param username 用户名* @param password 密码* @param code     验证码* @param uuid     唯一标识* @return 结果*/public String login(String username, String password, String code, String uuid) throws Exception {// 验证码校验validateCaptcha(username, code, uuid);// 用户验证Authentication authentication = null;// 首先在这里用解密后密码！！不然过不了长度校验！！String passwordUnlock = RsaUtils.decryptByPrivateKey(password);// 登录前置校验loginPreCheck(username, passwordUnlock);try {
//            System.out.println(password); // 对局部变量做的修改，现在密码还是加密的，okUsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, passwordUnlock);AuthenticationContextHolder.setContext(authenticationToken);// 该方法会去调用 UserDetailsServiceImpl.loadUserByUsername
//            authentication = authenticationManager.authenticate(authenticationToken);// 测试内部会调用 authenticationManager.authenticate () 对账号和密码做验证
//            System.out.println("username = " + username + "解密后 password：" + password); // ok
//            修改后：加密传输authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, passwordUnlock));} catch (Exception e) {if (e instanceof BadCredentialsException) {AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));throw new UserPasswordNotMatchException();} else {AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));throw new ServiceException(e.getMessage());}} finally {AuthenticationContextHolder.clearContext();}AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));LoginUser loginUser = (LoginUser) authentication.getPrincipal();recordLoginInfo(loginUser.getUserId());// 生成tokenreturn tokenService.createToken(loginUser);}

注意我们并不是要把密码解密，而是使用一个局部变量存储解密后的密码进行校验！！！密码仍然是要加密存储在数据库里的！！！

至此整个排错过程结束！如果有抛出异常的提示，跟着 idea 加上就行。

太长不看版：解决方法

我来不及排错了，只想知道答案 ↓

找到 src/main/java/com/ruoyi/framework/web/service/SysLoginService.java

使用下面的 login 方法：

    /*** 登录验证** @param username 用户名* @param password 密码* @param code     验证码* @param uuid     唯一标识* @return 结果*/public String login(String username, String password, String code, String uuid) throws Exception {// 验证码校验validateCaptcha(username, code, uuid);// 用户验证Authentication authentication = null;// 首先在这里用解密后密码！！不然过不了长度校验！！String passwordUnlock = RsaUtils.decryptByPrivateKey(password);// 登录前置校验loginPreCheck(username, passwordUnlock);try {
//            System.out.println(password); // 对局部变量做的修改，现在密码还是加密的，okUsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(username, passwordUnlock);AuthenticationContextHolder.setContext(authenticationToken);// 该方法会去调用 UserDetailsServiceImpl.loadUserByUsername
//            authentication = authenticationManager.authenticate(authenticationToken);// 测试内部会调用 authenticationManager.authenticate () 对账号和密码做验证
//            System.out.println("username = " + username + "解密后 password：" + password); // ok
//            修改后：加密传输authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, passwordUnlock));} catch (Exception e) {if (e instanceof BadCredentialsException) {AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match")));throw new UserPasswordNotMatchException();} else {AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage()));throw new ServiceException(e.getMessage());}} finally {AuthenticationContextHolder.clearContext();}AsyncManager.me().execute(AsyncFactory.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success")));LoginUser loginUser = (LoginUser) authentication.getPrincipal();recordLoginInfo(loginUser.getUserId());// 生成tokenreturn tokenService.createToken(loginUser);}

有抛出异常报错跟着 idea 改就行了。

【若依 SpringBoot 前后端分离版】修改加密传输后密码错误的解决方法（附排错过程）

排错过程

报错信息

SysLoginController

SysLoginService（问题核心）

太长不看版：解决方法

相关文章：

【若依 SpringBoot 前后端分离版】修改加密传输后密码错误的解决方法（附排错过程）

发送请求- header配置

C语言重难知识点

jMeter学习

Nodejs运行vue项目时，报错：Error: error:0308010C:digital envelope routines::unsupported

华为汽车图谱

鸿蒙操作系统-初识

【ZZULIOJ】1003: 两个整数的四则运算（Java）

聊聊芯片原厂

百人一岗，Android开发者的困境。。。。。

若依分离版 —引入echart连接Springboot后端

Halcon深度学习项目实战

子类中的方法去调用父类中的方法有几种形式？原生django如何向响应头写入数据

数据安全治理框架构建

深度学习十大算法之图神经网络（GNN）

【工具类】git log 常用别名，git log 干活，git log常用参数

[linux] AttributeError: module ‘transformer_engine‘ has no attribute ‘pytorch‘

前端面试题----＞JavaScript

spring 的理解

【Java程序设计】【C00384】基于（JavaWeb）Springboot的民航网上订票系统（有论文）

变量 varablie 声明- Rust 变量 let mut 声明与 C/C++ 变量声明对比分析

【位运算】消失的两个数字（hard）

【大模型RAG】Docker 一键部署 Milvus 完整攻略

电脑插入多块移动硬盘后经常出现卡顿和蓝屏

2021-03-15 iview一些问题

生成 Git SSH 证书

Python爬虫（二）：爬虫完整流程

HTML前端开发：JavaScript 常用事件详解

【OSG学习笔记】Day 16: 骨骼动画与蒙皮（osgAnimation）

Reasoning over Uncertain Text by Generative Large Language Models